--- "João Salvatti" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I've tried to find any definition on the Internet before but I really
> couldn't find a paper or anything that could clear up my doubts. If
> anyone here could help me I'd be very thankful. The questions are the
> following:
>
> 1. What is privilege separation?
>
It's a technique that prevents your code from having to run under a privileged user to achieve a privileged task. Instead of having a single process running, you get an unprivileged process and a privileged process. The unprivileged process executes most of the code, and requests the privileged process to perform the privileged task on its behalf. The code that is executed under the privileged account is kept as simple and small as possible, limiting the risks in case of an "evil bug" (c).

> 2. What is privilege revocation?
>

It's a technique that consists of lowering the privileges of an application after it has performed its initial privileged tasks. Your httpd for example MUST be started as root to listen on port 80 (which is privileged), but does not need to run as root to handle its clients. So, it starts as root, does the privileged tasks, then "drops" (or revokes) privileges to run as an unprivileged "www" user.

> 3. What is ProPolice?
>

A GCC extension for protecting applications from stack-smashing attacks. It's all explained on Google ;)

> Thanks.
>

np.
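The httpd pattern from answer 2 (bind port 80 as root, then drop to "www"), written out as an added example; this is not code from the original post or from any particular httpd. The order of the calls and the verification afterwards are the parts that usually go wrong in practice: supplementary groups must be cleared and the gid set before the uid, because once the process is no longer root it cannot change its gid any more, and the result has to be checked rather than assumed. The account names "www" and "nobody", and ports 80 / 8080 / 81, are assumptions for the demo; when run without root the program uses the caller's own ids and an unprivileged port so the same code path still executes.

```c
/* privdrop.c: privilege revocation for a daemon that needs root only to
 * bind a privileged port. Added example, not from the original thread.
 * Build: cc -Wall -o privdrop privdrop.c ; run as root to see a real drop. */
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <netinet/in.h>
#include <pwd.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to target_uid/target_gid. Order matters: supplementary
 * groups first (only root may clear them), then gid, then uid, because after
 * setuid() to a non-root uid the process can no longer change its gid.
 * Returns 0 on success, -1 if any step failed or the drop is not verifiable. */
int drop_privileges(uid_t target_uid, gid_t target_gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) {
        perror("setgroups");
        return -1;
    }
    if (setgid(target_gid) != 0) { perror("setgid"); return -1; }
    if (setuid(target_uid) != 0) { perror("setuid"); return -1; }

    /* Check, don't assume: real and effective ids must both match, and root
     * must be gone for good (setuid(0) has to fail for a normal user). */
    if (getuid() != target_uid || geteuid() != target_uid ||
        getgid() != target_gid || getegid() != target_gid)
        return -1;
    if (target_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Bind a loopback TCP listener on port; returns the fd or -1.
 * Ports below 1024 normally need root (or CAP_NET_BIND_SERVICE on Linux). */
int bind_listener(uint16_t port)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    int one = 1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 || listen(fd, 16) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();
    if (geteuid() == 0) {
        /* Assumed account names: "www" as in the post, "nobody" as a fallback. */
        struct passwd *pw = getpwnam("www");
        if (pw == NULL)
            pw = getpwnam("nobody");
        if (pw == NULL) {
            fprintf(stderr, "no unprivileged account found\n");
            return 1;
        }
        uid = pw->pw_uid;
        gid = pw->pw_gid;
    }

    /* Step 1, still privileged: the one task that needs root. */
    int lfd = bind_listener(geteuid() == 0 ? 80 : 8080);
    if (lfd < 0) { perror("bind"); return 1; }

    /* Step 2: revoke. If this fails the daemon must refuse to serve rather
     * than carry on as root. */
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to serve\n");
        return 1;
    }

    /* The already-bound socket survives the drop; new privileged binds do not. */
    int probe = bind_listener(81);
    printf("now uid %d (gid %d); listener fd %d kept; bind to port 81 %s\n",
           (int)getuid(), (int)getgid(), lfd,
           probe < 0 ? "fails as expected" : "SUCCEEDED, something is wrong");
    if (probe >= 0)
        close(probe);
    close(lfd);
    return 0;
}
```

Two things worth noting from the code: the inherited listener is exactly why the drop is safe to do after the bind (file descriptors are not re-checked against the new uid), and the final setuid(0) probe is what distinguishes a permanent drop from a temporary one made with seteuid(), which an attacker who gets code execution in the "www" process could simply undo.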